Remembered Device attributes

The
rememberedDevices
element of the registration policy defines how Remembered Devices (Device Fingerprint) are supported. Trusted Device is not supported through the VIP Account Policy API except as indicated in the following table. You can set the following values:
  • deviceFingerPrint
  • maxAllowed
  • deviceDeletion
The following table lists the
rememberedDevices
attributes available to the registration policy. The table also lists the default
rememberedDevices
values.
VIP Attributes of the
rememberedDevices
element of
registrationPolicy
Attribute
Type
Description
Default Policy Value
deviceDeletion
String
How Remembered Devices registrations are deleted for a user, when the user attempts to register more than the maximum allowed:
Although you cannot set other Trusted Device policy values with the Policy API, the
deviceDeletion
value does apply to Trusted Devices. Both Device Fingerprint and Trusted Device registrations count towards the maximum allowed.
  • AUTO
    : Automatically delete the least-recently used device registration when the user registers another device. Users and administrators can manually delete device registrations at any time.
  • ADMINONLY
    : Only the VIP administrator can delete a device registration. The user cannot delete any device registrations without administrator intervention.
"deviceDeletion": "AUTO"
deviceFingerPrint
String
Whether Device Fingerprint is enabled. Set
enabled
to
Y
to enable Device Fingerprint.
N
disables Device Fingerprint.
If you enable Device Fingerprint, you must also set one or both of the following:
You must send
"enabled": "Y"
when updating any
deviceFingerprint
attributes.
  • expiration
    : The maximum number of days that a device fingerprint is valid before the authenticator becomes inactive and cannot be used to authenticate. The user must contact an administrator if the authenticator becomes inactive.
    Value must be from 30 through 730, inclusive.
  • noAuthExpiration
    : The maximum number of days that a user can go without using an authenticator to authenticate before the authenticator becomes inactive and cannot be used to authenticate. The user must contact an administrator if the authenticator becomes inactive.
    Value must be from 15 through 365, inclusive. If you do not set this value, users must register again after the number of days set in
    expiration
    .
"deviceFingerPrint": { "enabled": "N", "expiration": 365, "noAuthExpiration": 90 }
maxAllowed
String
The maximum number of Remembered Devices that a user can register at one time. Value must be from 1 through 20, inclusive.
"maxAllowed": 20